Entrust Instant Financial Issuance 代码问题漏洞

Entrust Instant Financial Issuance Entrust Cardwizard is an instant financial card issuance solution from US-based Entrust Corporation. A code issue vulnerability exists in Entrust Instant Financial Issuance version 5.x, versions prior to 6.10.5, and versions prior to 6.11.1, which stems from an...

CVE-2024-39342

Entrust Instant Financial Issuance formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library i.e. DCG.Security.dll with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...

CVE-2024-39342

Entrust Instant Financial Issuance formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library i.e. DCG.Security.dll with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...

CVE-2024-39341

CVE-2024-39341 affects Entrust Instant Financial Issuance (On Premise) software (6.10.0, 6.9.x, 6.8.x and earlier). A configuration file WebAPI.cfg.xml is left behind after installation and can be accessed without authentication via HTTP port 80, exposing system configuration parameter names and ...